pflkm for NetBSD-current available

Contributed by jose on 2003-06-09 from the portable-filters dept.

tom hensel writes : " The OpenBSD packet filter (or pf, for short) replaced Darren Reed's IP Filter in OpenBSD 3.0, due to problems with IP Filter's license. Since then, pf has evolved quickly, and now has several advantages over IP Filter. Here is a port of the pf code found in OpenBSD 3.3 to NetBSD 1.6.1. </snip>

...and now for NetBSD-current, see http://foo.unix.se/joelw/pflkm.html "

Again, this is pretty neat to see our packet filter getting ported around. Anyone know if they have been able to contribute back any pacthes, feature enhancements, or the like?

(Comments are closed)

Comments

By tom hensel () tom@replic8.net on 2003-06-09 14:19 mailto:tom@replic8.net

...see subject ;)
By henning () henning@openbsd.org on 2003-06-09 18:43 mailto:henning@openbsd.org

there hasn't been feedback from the netbsg guys, which I treat as sign that they didn't find anything wrong ;-)
anyway, guys, feel free to contact us/me.
By Anonymous Coward () on 2003-06-11 06:19

Given that part of the openbsd philosphy seems to be to keep things as simple as possible in terms both properly coding and limiting unnecessary functionality at what point should pf stop getting additional features? When will it be good enough (meaning have enough features to do the job) to just start working on bug fixes? And no I don't know of any bugs, but I can't believe that there are none.
Comments
1. By Anonymouserest Bovinen () on 2003-08-27 03:27
  
  Well... that's like saying "When does the painter's pallete have to many colors?"
  The ability to make rules based on data input from features such as OS finger printing and etc. does not exactly make PF bloaty, and if you don't like the extra feature, you can always take it out, this is still the BSD license right? :)
  
  But I kid... I can see why you might be concerned, but knowing the minimalist Theo can be at times... I don't think features in PF will ever become a diar problem for us
  
  And actually, I welcome any more creative ideas that are able to uniquely target specific types of traffic, especially since as someone else mentioned, you could use the new finger printing feature to block any Windows machines, and hence probably cut down on spam LOL

Latest Articles

Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (12)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (2)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)
Sun, Mar 10
- 09:06 LibreSSL versions 3.8.3 and 3.9.0 released (0)
Fri, Mar 08
- 06:46 OpenBGPD 8.4 released (0)
Mon, Mar 04
- 06:32 rpki-client 9.0 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]